CVE-2002-0675

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.atstake.com/research/advisories/2002/a071202-1.txt
http://www.iss.net/security_center/static/9570.php
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp	Vendor Advisory
http://www.securityfocus.com/bid/5223
http://www.atstake.com/research/advisories/2002/a071202-1.txt
http://www.iss.net/security_center/static/9570.php
http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp	Vendor Advisory
http://www.securityfocus.com/bid/5223

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:pingtel:xpressa:1.2.5:::::::*
	cpe:2.3:h:pingtel:xpressa:1.2.7.4:::::::*

History

20 Nov 2024, 23:39

Type	Values Removed	Values Added
References	~~() http://www.atstake.com/research/advisories/2002/a071202-1.txt -~~	() http://www.atstake.com/research/advisories/2002/a071202-1.txt -
References	~~() http://www.iss.net/security_center/static/9570.php -~~	() http://www.iss.net/security_center/static/9570.php -
References	~~() http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp - Vendor Advisory~~	() http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/5223 -~~	() http://www.securityfocus.com/bid/5223 -

Information

Published : 2002-07-23 04:00

Updated : 2024-11-20 23:39

NVD link : CVE-2002-0675

Mitre link : CVE-2002-0675

CVE.ORG link : CVE-2002-0675

JSON object : View

Products Affected

pingtel

xpressa

CWE

NVD-CWE-Other

{"id": "CVE-2002-0675", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-07-23T04:00:00.000", "references": [{"url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/9570.php", "source": "cve@mitre.org"}, {"url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5223", "source": "cve@mitre.org"}, {"url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/9570.php", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/5223", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone."}, {"lang": "es", "value": "La telefon\u00eda basada en voz sobre IP de Pingtel xpressa SIP desde la versi\u00f3n 1.2.5 hasta la 1.2.7.4, no requiere privilegios de administrador para realizar una actualizaci\u00f3n del firmware, lo que permite a usuarios no autorizados a actualizar dicha telefon\u00eda."}], "lastModified": "2024-11-20T23:39:36.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pingtel:xpressa:1.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5362ACDC-DA8B-4DA7-BEE3-C30083CD715D"}, {"criteria": "cpe:2.3:h:pingtel:xpressa:1.2.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F08D9EF-49D8-44CC-B33D-4EF416E80F62"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}